The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.126 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory instructions in the core dump path, leading to a denial of service . - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call . - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service . - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c allowed local users to cause a denial of service via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code . The following non-security bugs were fixed: - acpica: Add header support for TPM2 table changes . - acpica: Add support for new SRAT subtable . - acpica: iasl: Update to IORT SMMUv3 disassembling . - acpi/iort: numa: Add numa node mapping for smmuv3 devices . - acpi, numa: fix pxm to online numa node associations . - acpi / pmic: xpower: Fix power_table addresses . - acpi/processor: Fix error handling in __acpi_processor_start . - acpi/processor: Replace racy task affinity logic . - add mainline tag to various patches to be able to get further work done - af_iucv: enable control sends in case of SEND_SHUTDOWN . - agp/intel: Flush all chipset writes after updating the GGTT . - ahci: Add PCI-id for the Highpoint Rocketraid 644L card . - alsa: aloop: Fix access to not-yet-ready substream via cable . - alsa: aloop: Sync stale timer before release . - alsa: firewire-digi00x: handle all MIDI messages on streaming packets . - alsa: hda: Add a power_save blacklist . - alsa: hda: add dock and led support for HP EliteBook 820 G3 . - alsa: hda: add dock and led support for HP ProBook 640 G2 . - alsa: hda/realtek - Always immediately update mute LED with pin VREF . - alsa: hda/realtek - Fix dock line-out volume on Dell Precision 7520 . - alsa: hda/realtek - Fix speaker no sound after system resume . - alsa: hda - Revert power_save option default value . - alsa: pcm: Fix UAF in snd_pcm_oss_get_formats . - alsa: usb-audio: Add a quirck for Bamp;W PX headphones . - alsa: usb-audio: Fix parsing descriptor of UAC2 processing unit . - apparmor: Make path_max parameter readonly . - arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support . - arm64: Add missing Falkor part number for branch predictor hardening . - arm64: capabilities: Handle duplicate entries for a capability . - arm64: cpufeature: __this_cpu_has_cap shouldn"t stop early . - arm64 / cpuidle: Use new cpuidle macro for entering retention state . - arm64: Enforce BBM for huge IO/VMAP mappings . - arm64: fix smccc compilation . - arm64: Kill PSCI_GET_VERSION as a variant-2 workaround . - arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling . - arm64: KVM: Increment PC after handling an SMC trap . - arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support . - arm64: mm: do not write garbage into TTBR1_EL1 register . - arm64: mm: fix thinko in non-global page table attribute check . - arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery . - arm: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER . - arm/arm64: KVM: Add PSCI_VERSION helper . - arm/arm64: KVM: Add smccc accessors to PSCI code . - arm/arm64: KVM: Advertise SMCCC v1.1 . - arm/arm64: KVM: Consolidate the PSCI include files . - arm/arm64: KVM: Implement PSCI 1.0 support . - arm/arm64: KVM: Turn kvm_psci_version into a static inline . - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive . - arm/arm64: smccc: Make function identifiers an unsigned quantity . - arm: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP . - arm: dts: Adjust moxart IRQ controller and flags . - arm: dts: am335x-pepper: Fix the audio CODEC"s reset pin . - arm: dts: exynos: Correct Trats2 panel reset line . - arm: dts: koelsch: Correct clock frequency of X2 DU clock input . - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux . - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux . - arm: dts: omap3-n900: Fix the audio CODEC"s reset pin . - arm: dts: r8a7790: Correct parent of SSI[0-9] clocks . - arm: dts: r8a7791: Correct parent of SSI[0-9] clocks . - arm: mvebu: Fix broken PL310_ERRATA_753970 selects . - asoc: rcar: ssi: do not set SSICR.CKDV = 000 with SSIWSR.CONT . - ath10k: disallow DFS simulation if DFS channel is not enabled . - ath10k: fix invalid STS_CAP_OFFSET_MASK . - ath10k: update tdls teardown state to target . - ath: Fix updating radar flags for coutry code India . - batman-adv: handle race condition for claims between gateways . - bcache: do not attach backing with duplicate UUID . - blkcg: fix double free of new_blkg in blkcg_init_queue . - blk-throttle: make sure expire time isn"t too big . - block: do not assign cmd_flags in __blk_rq_prep_clone . - block-mq: stop workqueue items in blk_mq_stop_hw_queue . - bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 . - bluetooth: hci_qca: Avoid setup failure on missing rampatch . - bnx2x: Align RX buffers . - bonding: refine bond_fold_stats wrap detection . - bpf: fix incorrect sign extension in check_alu_op . - bpf: skip unnecessary capability check . - bpf, x64: implement retpoline for tail call . - bpf, x64: increase number of passes . - braille-console: Fix value returned by _braille_console_setup . - brcmfmac: fix P2P_DEVICE ethernet address generation . - bridge: check brport attr show in brport_show . - btrfs: alloc_chunk: fix DUP stripe size handling . - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device . - btrfs: improve delayed refs iterations . - btrfs: incremental send, fix invalid memory access . - btrfs: preserve i_mode if __btrfs_set_acl fails . - btrfs: send, fix file hole not being preserved due to inline extent . - can: cc770: Fix queue stall amp; dropped RTR reply . - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack . - can: cc770: Fix use after free in cc770_tx_interrupt . - ceph: only dirty ITER_IOVEC pages for direct read . - ch9200: use skb_cow_head to deal with cloned skbs . - clk: bcm2835: Protect sections updating shared registers . - clk: ns2: Correct SDIO bits . - clk: qcom: msm8916: fix mnd_width for codec_digcodec . - clk: si5351: Rename internal plls to avoid name collisions . - coresight: Fix disabling of CoreSight TPIU . - coresight: Fixes coresight DT parse to get correct output port ID . - cpufreq: Fix governor module removal race . - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init . - cpufreq/sh: Replace racy task affinity logic . - cpuidle: Add new macro to enter a retention idle state . - cros_ec: fix nul-termination for firmware build info . - crypto: cavium - fix memory leak on info . - dcache: Add cond_resched in shrink_dentry_list . - dccp: check sk for closed state in dccp_sendmsg . - dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped . - dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 . - dm: Always copy cmd_flags when cloning a request . - driver: set the m,b and R coefficients correctly for power . - drm: Allow determining if current task is output poll worker . - drm/amdgpu/dce: Do not turn off DP sink when disconnected . - drm/amdgpu: Fail fb creation from imported dma-bufs. - drm/amdgpu: Fix deadlock on runtime suspend . - drm/amdgpu: fix KV harvesting . - drm/amdgpu: Notify sbios device ready before send request . - drm/amdkfd: Fix memory leaks in kfd topology . - drm: Defer disabling the vblank IRQ until the next interrupt . - drm/edid: set ELD connector type in drm_edid_to_eld . - drm/i915/cmdparser: Do not check past the cmd length . - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit . - drm/msm: fix leak in failed get_pages . - drm/nouveau: Fix deadlock on runtime suspend . - drm/nouveau/kms: Increase max retries in scanout position queries . - drm/omap: DMM: Check for DMM readiness after successful transaction commit . - drm: qxl: Do not alloc fbdev if emulation is not supported . - drm/radeon: Do not turn off DP sink when disconnected . - drm/radeon: Fail fb creation from imported dma-bufs . - drm/radeon: Fix deadlock on runtime suspend . - drm/radeon: fix KV harvesting . - drm: udl: Properly check framebuffer mmap offsets . - drm/vmwgfx: Fix a destoy-while-held mutex problem . - drm/vmwgfx: Fixes to vmwgfx_fb . - e1000e: Avoid missed interrupts following ICR read . - e1000e: Avoid receiver overrun interrupt bursts . - e1000e: Fix check_for_link return value with autoneg off . - e1000e: Fix link check race condition . - e1000e: Fix queue interrupt re-raising in Other interrupt . - e1000e: fix timing for 82579 Gigabit Ethernet controller . - e1000e: Remove Other from EIAC . - edac, sb_edac: Fix out of bound writes during DIMM configuration on KNL . - ext4: inplace xattr block update fails to deduplicate blocks . - f2fs: relax node version check for victim data in gc . - fib_semantics: Do not match route with mismatching tclassid . - firmware/psci: Expose PSCI conduit . - firmware/psci: Expose SMCCC version through psci_ops . - fixup: sctp: verify size of a new chunk in _sctp_make_chunk . - fs/aio: Add explicit RCU grace period when freeing kioctx . - fs/aio: Use RCU accessors for kioctx_table-gt;table[] . - fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate . - fs: Teach path_connected to handle nfs filesystems with multiple roots . - genirq: Track whether the trigger type has been set . - genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs . - hdlc_ppp: carrier detect ok, do not turn off negotiation . - hid: clamp input to logical range if no null state . - hid: reject input outside logical range only if null state is set . - hugetlbfs: fix offset overflow in hugetlbfs mmap . - hv_balloon: fix bugs in num_pages_onlined accounting . - hv_balloon: fix printk loglevel . - hv_balloon: simplify hv_online_page/hv_page_online_one . - i2c: i2c-scmi: add a MS HID . - i2c: xlp9xx: Check for Bus state before every transfer . - i2c: xlp9xx: Handle NACK on DATA properly . - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly . - i2c: xlp9xx: return ENXIO on slave address NACK . - i40e: Acquire NVM lock before reads on all devices . - i40e: avoid NVM acquire deadlock during NVM update . - ia64: fix module loading for gcc-5.4 . - ib/ipoib: Avoid memory leak if the SA returns a different DGID . - ib/ipoib: Update broadcast object if PKey value was changed in index 0 . - ib/mlx4: Change vma from shared to private . - ib/mlx4: Take write semaphore when changing the vma struct . - ibmvfc: Avoid unnecessary port relogin . - ibmvnic: Disable irqs before exiting reset from closed state . - ibmvnic: Do not reset CRQ for Mobility driver resets . - ibmvnic: Fix DMA mapping mistakes . - ibmvnic: Fix failover case for non-redundant configuration . - ibmvnic: Fix reset return from closed state . - ibmvnic: Fix reset scheduler error handling . - ibmvnic: Potential NULL dereference in clean_one_tx_pool . - ibmvnic: Remove unused TSO resources in TX pool structure . - ibmvnic: Update TX pool cleaning routine . - ibmvnic: Zero used TX descriptor counter on reset . - ib/umem: Fix use of npages/nmap fields . - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event . - iio: st_pressure: st_accel: Initialise sensor platform data properly . - iio: st_pressure: st_accel: pass correct platform data to init . - ima: relax requiring a file signature for new files with zero length . - infiniband/uverbs: Fix integer overflows . - input: matrix_keypad - fix race when disabling interrupts . - input: qt1070 - add OF device ID table . - input: tsc2007 - check for presence and power down tsc2007 during probe . - iommu/omap: Register driver before setting IOMMU ops . - iommu/vt-d: clean up pr_irq if request_threaded_irq fails . - ip6_vti: adjust vti mtu according to mtu of lower device . - ipmi: do not probe ACPI devices if si_tryacpi is unset . - ipmi: Fix the I2C address extraction from SPMI tables . - ipmi_ssif: Fix kernel panic at msg_done_handler . - ipmi_ssif: Fix logic around alert handling . - ipmi_ssif: remove redundant null check on array client-gt;adapter-gt;name . - ipmi_ssif: unlock on allocation failure . - ipmi:ssif: Use i2c_adapter_id instead of adapter-gt;nr . - ipmi: Use the proper default value for register size in ACPI . - ipmi/watchdog: fix wdog hang on panic waiting for ipmi response . - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option . - ipv6 sit: work around bogus gcc-8 -Wrestrict warning . - ipvlan: add L2 check for packets arriving via virtual devices . - irqchip/gic-v3-its: Add ACPI NUMA node mapping . - irqchip/gic-v3-its: Allow GIC ITS number more than MAX_NUMNODES . - irqchip/gic-v3-its: Ensure nr_ites gt;= nr_lpis . - irqchip/gic-v3-its: Remove ACPICA version check for ACPI NUMA . - kbuild: disable clang"s default use of -fmerge-all-constants . - kbuild: Handle builtin dtb file names containing hyphens . - kprobes/x86: Fix kprobe-booster not to boost far call instructions . - kprobes/x86: Fix to set RWX bits correctly before releasing trampoline . - kprobes/x86: Set kprobes pages read-only . - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED . - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending . - kvm: arm/arm64: vgic: Do not populate multiple LRs with the same vintid . - kvm: arm/arm64: vgic-its: Check result of allocation before use . - kvm: arm/arm64: vgic-its: Preserve the revious read from the pending table . - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 . - kvm: mmu: Fix overlap between public and private memslots . - kvm: nVMX: fix nested tsc scaling . - kvm: PPC: Book3S PR: Exit KVM on failed mapping . - kvm/x86: fix icebp instruction handling . - l2tp: do not accept arbitrary sockets . - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs . - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs . - libata: disable LPM for Crucial BX100 SSD 500GB drive . - libata: Enable queued TRIM for Samsung SSD 860 . - libata: fix length validation of ATAPI-relayed SCSI commands . - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions . - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version . - libata: remove WARN for DMA or PIO command without data . - lock_parent needs to recheck if dentry got __dentry_kill"ed under it . - loop: Fix lost writes caused by missing flag . - lpfc: update version to 11.4.0.7-1 . - mac80211: do not parse encrypted management frames in ieee80211_frame_acked . - mac80211: do not WARN on bad WMM parameters from buggy APs . - mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED . - mac80211: remove BUG when interface type is invalid . - md-cluster: fix wrong condition check in raid1_write_request . - md/raid10: skip spare disk as "first" disk . - md/raid10: wait up frozen array in handle_write_completed . - md/raid6: Fix anomily when recovering a single device in RAID6 . - media: au0828: fix VIDEO_V4L2 dependency . - media: bt8xx: Fix err "bt878_probe" . - media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt . - media: cpia2: Fix a couple off by one bugs . - media: cx25821: prevent out-of-bounds read on array card . - media/dvb-core: Race condition when writing to CAM . - media: i2c/soc_camera: fix ov6650 sensor getting wrong clock . - media: m88ds3103: do not call a non-initalized function . - media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart . - media: s3c-camif: fix out-of-bounds array access . - mfd: palmas: Reset the POWERHOLD mux during power off . - mmc: avoid removing non-removable hosts during suspend . - mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs . - mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems . - mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a . - mm: Fix false-positive VM_BUG_ON in page_cache_{get,add}_speculative . - mm/hugetlb.c: do not call region_abort if region_chg fails . - mm/vmalloc: add interfaces to free unmapped page table . - mpls, nospec: Sanitize array index in mpls_label_ok . - mt7601u: check return value of alloc_skb . - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp] . - mtd: nand: fsl_ifc: Fix nand waitfunc return value . - mtip32xx: use runtime tag to initialize command header . - net/8021q: create device with all possible features in wanted_features . - net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred . - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface . - net/faraday: Add missing include of of.h . - net: fec: Fix unbalanced PM runtime calls . - netfilter: add back stackpointer size checks . - netfilter: bridge: ebt_among: add missing match size checks . - netfilter: IDLETIMER: be syzkaller friendly . - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt . - netfilter: nat: cope with negative port range . - netfilter: use skb_to_full_sk in ip_route_me_harder . - netfilter: x_tables: fix missing timer initialization in xt_LED . - netfilter: xt_CT: fix refcnt leak on error path . - net: Fix hlist corruptions in inet_evict_bucket . - net: fix race on decreasing number of TX queues . - net: hns: Fix ethtool private flags . - net: ipv4: avoid unused variable warning for sysctl . - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 . - net: ipv6: send unsolicited NA after DAD . - net: ipv6: send unsolicited NA on admin up . - net/iucv: Free memory obtained by kzalloc . - netlink: avoid a double skb free in genlmsg_mcast . - netlink: ensure to loop over all netns in genlmsg_multicast_allns . - net: mpls: Pull common label check into helper . - net: Only honor ifindex in IP_PKTINFO if non-0 . - net: systemport: Rewrite __bcm_sysport_tx_reclaim . - net: xfrm: allow clearing socket xfrm policies . - nfc: nfcmrvl: double free on error path . - nfc: nfcmrvl: Include unaligned.h instead of access_ok.h . - nfsd4: permit layoutget of executable-only files . - nfs: Fix an incorrect type in struct nfs_direct_req . - nospec: Allow index argument to have const-qualified type . - nospec: Include lt;asm/barrier.hgt; dependency . - nvme: do not send keep-alive frames during reset . - nvme: do not send keep-alives to the discovery controller . - nvme: expand nvmf_check_if_ready checks . - nvme/rdma: do no start error recovery twice . - nvmet_fc: prevent new io rqsts in possible isr completions . - of: fix of_device_get_modalias returned length when truncating buffers . - openvswitch: Delete conntrack entry clashing with an expectation . - Partial revert quot;e1000e: Avoid receiver overrun interrupt burstsquot; . - pci/ACPI: Fix bus range comparison in pci_mcfg_lookup . - pci: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L . - pci: Add pci_reset_function_locked . - pci: Apply Cavium ACS quirk only to CN81xx/CN83xx/CN88xx devices . - pci: Avoid FLR for Intel 82579 NICs . - pci: Avoid slot reset if bridge itself is broken . - pci: Export pcie_flr . - pci: hv: Fix 2 hang issues in hv_compose_msi_msg . - pci: hv: Fix a comment typo in _hv_pcifront_read_config . - pci: hv: Only queue new work items in hv_pci_devices_present if necessary . - pci: hv: Remove the bogus test in hv_eject_device_work . - pci: hv: Serialize the present and eject work items . - pci: Mark Haswell Power Control Unit as having non-compliant BARs . - pci/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown . - pci: Probe for device reset support during enumeration . - pci: Protect pci_error_handlers-gt;reset_notify usage with device_lock . - pci: Protect restore with device lock to be consistent . - pci: Remove __pci_dev_reset and pci_dev_reset . - pci: Remove redundant probes for device reset support . - pci: Wait for up to 1000ms after FLR reset . - perf inject: Copy events when reordering events in pipe mode . - perf probe: Return errno when not hitting any event . - perf session: Do not rely on evlist in pipe mode . - perf sort: Fix segfault with basic block "cycles" sort dimension . - perf tests kmod-path: Do not fail if compressed modules are not supported . - perf tools: Make perf_event__synthesize_mmap_events scale . - perf/x86/intel: Do not accidentally clear high bits in bdw_limit_period . - perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers . - pinctrl: Really force states during suspend/resume . - platform/chrome: Use proper protocol transfer function . - platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA . - power: supply: pda_power: move from timer to delayed_work . - ppp: prevent unregistered channels from connecting to PPP units . - pty: cancel pty slave port buf"s work in tty_release . - pwm: tegra: Increase precision in PWM rate calculation . - qed: Free RoCE ILT Memory on rmmod qedr . - qed: Use after free in qed_rdma_free . - qeth: repair SBAL elements calculation . - qlcnic: fix unchecked return value . - rcutorture/configinit: Fix build directory error message . - rdma/cma: Use correct size when writing netlink stats . - rdma/core: Do not use invalid destination in determining port reuse . - rdma/iwpm: Fix uninitialized error code in iwpm_send_mapinfo . - rdma/mlx5: Fix integer overflow while resizing CQ . - rdma/ocrdma: Fix permissions for OCRDMA_RESET_STATS . - rdma/ucma: Check that user does not overflow QP state . - rdma/ucma: Fix access to non-initialized CM_ID object . - rdma/ucma: Limit possible option size . - regmap: Do not use format_val in regmap_bulk_read . - regmap: Fix reversed bounds check in regmap_raw_write . - regmap: Format data for raw write in regmap_bulk_write . - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write . - regulator: anatop: set default voltage selector for pcie . - reiserfs: Make cancel_old_flush reliable . - Revert quot;ARM: dts: LogicPD Torpedo: Fix I2C1 pinmuxquot; . - Revert quot;e1000e: Separate signaling for link check/link upquot; . - Revert quot;genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQsquot; . - Revert quot;ipvlan: add L2 check for packets arriving via virtual devicesquot; . - Revert quot;led: core: Fix brightness setting when setting delay_off=0quot; . - rndis_wlan: add return value validation . - rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs . - rtlwifi: rtl8723be: Fix loss of signal . - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled . - s390/mm: fix local TLB flushing vs. detach of an mm address space . - s390/mm: fix race on mm-gt;context.flush_mm . - s390/mm: no local TLB flush for clearing-by-ASCE IDTE . - s390/qeth: apply takeover changes when mode is toggled . - s390/qeth: do not apply takeover changes to RXIP . - s390/qeth: fix double-free on IP add/remove race . - s390/qeth: fix IPA command submission race . - s390/qeth: fix IP address lookup for L3 devices . - s390/qeth: fix IP removal on offline cards . - s390/qeth: fix SETIP command handling . - s390/qeth: free netdevice when removing a card . - s390/qeth: improve error reporting on IP add/removal . - s390/qeth: lock IP table while applying takeover changes . - s390/qeth: lock read device while queueing next buffer . - s390/qeth: on channel error, reject further cmd requests . - s390/qeth: update takeover IPs after configuration change . - s390/qeth: when thread completes, wake up all waiters . - sched: act_csum: do not mangle TCP and UDP GSO packets . - sched: Stop resched_cpu from sending IPIs to offline CPUs . - sched: Stop switched_to_rt from sending IPIs to offline CPUs . - scsi: core: scsi_get_device_flags_keyed: Always return device flags . - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP . - scsi: dh: add new rdac devices . - scsi: lpfc: Add missing unlock in WQ full logic . - scsi: lpfc: Code cleanup for 128byte wqe data type . - scsi: lpfc: Fix mailbox wait for POST_SGL mbox command . - scsi: lpfc: Fix NVME Initiator FirstBurst . - scsi: lpfc: Fix SCSI lun discovery when port configured for both SCSI and NVME . - scsi: lpfc: Memory allocation error during driver start-up on power8 . - scsi: mac_esp: Replace bogus memory barrier with spinlock . - scsi: sg: check for valid direction before starting the request . - scsi: sg: fix SG_DXFER_FROM_DEV transfers . - scsi: sg: fix static checker warning in sg_is_valid_dxfer . - scsi: sg: only check for dxfer_len greater than 256M . - scsi: virtio_scsi: always read VPD pages for multiqueue too . - scsi: virtio_scsi: Always try to read VPD pages . - sctp: fix dst refcnt leak in sctp_v4_get_dst . - sctp: fix dst refcnt leak in sctp_v6_get_dst . - sctp: verify size of a new chunk in _sctp_make_chunk . - selftests/x86: Add tests for the STR and SLDT instructions . - selftests/x86: Add tests for User-Mode Instruction Prevention . - selftests/x86/entry_from_vm86: Add test cases for POPF . - selftests/x86/entry_from_vm86: Exit with 1 if we fail . - selinux: check for address length in selinux_socket_bind . - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device . - serial: sh-sci: prevent lockup on full TTY buffers . - skbuff: Fix not waking applications when errors are enqueued . - sm501fb: do not return zero on failure path in sm501fb_start . - solo6x10: release vb2 buffers in solo_stop_streaming . - spi: dw: Disable clock after unregistering the host . - spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer . - spi: sun6i: disable/unprepare clocks on remove . - staging: android: ashmem: Fix lockdep issue during llseek . - staging: android: ashmem: Fix possible deadlock in ashmem_ioctl . - staging: comedi: fix comedi_nsamples_left . - staging: lustre: ptlrpc: kfree used instead of kvfree . - staging: ncpfs: memory corruption in ncp_read_kernel . - staging: speakup: Replace BUG_ON with WARN_ON . - staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y . - staging: wilc1000: add check for kmalloc allocation failure . - staging: wilc1000: fix unchecked return value . - sysrq: Reset the watchdog timers while displaying high-resolution timers . - target: prefer dbroot of /etc/target over /var/target . - tcm_fileio: Prevent information leak for short reads . - tcp: remove poll flakes with FastOpen . - tcp: sysctl: Fix a race to avoid unexpected 0 window from space . - team: Fix double free in error path . - test_firmware: fix setting old custom fw path back on exit . - time: Change posix clocks ops interfaces to use timespec64 . - timers, sched_clock: Update timeout for clock wrap . - tools/usbip: fixes build with musl libc toolchain . - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus . - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus . - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus . - tpm/tpm_crb: Use start method value from ACPI table directly . - tracing: probeevent: Fix to support minus offset from symbol . - tty/serial: atmel: add new version check for usart . - tty: vt: fix up tabstops properly . - uas: fix comparison for error code . - ubi: Fix race condition between ubi volume creation and udev . - udplite: fix partial checksum initialization . - usb: Do not print a warning if interface driver rebind is deferred at resume . - usb: dwc2: Make sure we disconnect the gadget state . - usb: gadget: bdc: 64-bit pointer capability check . - usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control . - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb . - usb: gadget: udc: Add missing platform_device_put on error in bdc_pci_probe . - usb: quirks: add control message delay for 1b1c:1b20 . - usb: storage: Add JMicron bridge 152d:2567 to unusual_devs.h . - usb: usbmon: Read text within supplied buffer size . - usb: usbmon: remove assignment from IS_ERR argument . - veth: set peer GSO values . - vgacon: Set VGA struct resource types . - video: ARM CLCD: fix dma allocation size . - video: fbdev: udlfb: Fix buffer on stack . - video/hdmi: Allow quot;emptyquot; HDMI infoframes . - vxlan: vxlan dev should inherit lowerdev"s gso_max_size . - wan: pc300too: abort path on failure . - watchdog: hpwdt: Check source of NMI . - watchdog: hpwdt: fix unused variable warning . - watchdog: hpwdt: SMBIOS check . - watchdog: sbsa: use 32-bit read for WCV . - wil6210: fix memory access violation in wil_memcpy_from/toio_32 . - workqueue: Allow retrieval of current task"s work struct . - x86/apic/vector: Handle legacy irq data correctly . - x86/boot/64: Verify alignment of the LOAD segment . - x86/build/64: Force the linker to use 2MB page size . - x86/entry/64: Do not use IST entry for #BP stack . - x86: i8259: export legacy_pic symbol . - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage . - x86/kaiser: enforce trampoline stack alignment . - x86/kaiser: Remove a user mapping of cpu_tss structure . - x86/kaiser: Use a per-CPU trampoline stack for kernel entry . - x86/MCE: Serialize sysfs changes . - x86/mm: Fix vmalloc_fault to use pXd_large . - x86/mm: implement free pmd/pte page interfaces . - x86/module: Detect and skip invalid relocations . - x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist . - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 . - x86/vm86/32: Fix POPF emulation . - xen-blkfront: fix mq start/stop race . - xen-netback: use skb to determine number of required guest Rx requests .